FKIE_CVE-2021-46905

Vulnerability from fkie_nvd - Published: 2024-02-26 16:27 - Updated: 2024-11-21 06:34
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 ("net: hso: fix null-ptr-deref during tty device unregistration") fixed the racy minor allocation reported by syzbot, but introduced an unconditional NULL-pointer dereference on every disconnect instead. Specifically, the serial device table must no longer be accessed after the minor has been released by hso_serial_tty_unregister().
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0c71d4c89559f72cec2592d078681a843bce570ePatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0f000005da31f6947f843ce6b3e3a960540c6e00Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/24b699bea7553fc0b98dad9d864befb6005ac7f1Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2ad5692db72874f02b9ad551d26345437ea4f7f3Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/41c44e1f3112d7265dae522c026399b2a42d19efPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/5871761c5f0f20d6e98bf3b6bd7486d857589554Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/5c17cfe155d21954b4c7e2a78fa771cebcd86725Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/90642ee9eb581a13569b1c0bd57e85d962215273Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d7fad2ce15bdbbd0fec3ebe999fd7cab2267f53ePatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/0c71d4c89559f72cec2592d078681a843bce570ePatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/0f000005da31f6947f843ce6b3e3a960540c6e00Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/24b699bea7553fc0b98dad9d864befb6005ac7f1Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/2ad5692db72874f02b9ad551d26345437ea4f7f3Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/41c44e1f3112d7265dae522c026399b2a42d19efPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/5871761c5f0f20d6e98bf3b6bd7486d857589554Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/5c17cfe155d21954b4c7e2a78fa771cebcd86725Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/90642ee9eb581a13569b1c0bd57e85d962215273Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/d7fad2ce15bdbbd0fec3ebe999fd7cab2267f53ePatch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel 5.12
linux linux_kernel 5.12
linux linux_kernel 5.12
linux linux_kernel 5.12
linux linux_kernel 5.12
linux linux_kernel 5.12
linux linux_kernel 5.12
linux linux_kernel 5.12
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4018ABCC-3436-498F-A06A-64578CF99BC5",
              "versionEndExcluding": "4.19.189",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC57D065-3933-4083-BA07-817D4CBF8157",
              "versionEndExcluding": "5.4.115",
              "versionStartIncluding": "4.20.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "995EF7FE-8C8F-470B-8214-BC0C68B162C3",
              "versionEndExcluding": "5.10.33",
              "versionStartIncluding": "5.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C74925C-5E45-4C6F-9E47-653DC5ACBE9E",
              "versionEndExcluding": "5.11.17",
              "versionStartIncluding": "5.11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.12:-:*:*:*:*:*:*",
              "matchCriteriaId": "75EB504D-4A83-4C67-9C8D-FD9C6C8EB4CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "07875739-0CCB-4F48-9330-3D4B6A4064FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DA09B732-04F8-452C-94CF-97644E78684D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E5371152-7515-4908-BB7E-494805EA5DF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D7788E5B-D54E-45BF-9043-2C7B77842FD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A935F9F1-DA8B-49F4-BF2B-FA01A92F113E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "DF0AF673-12B7-4274-9090-411D4939CB62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "06AE06A6-A0C3-4556-BFFA-3D6E4BAC43C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hso: fix NULL-deref on disconnect regression\n\nCommit 8a12f8836145 (\"net: hso: fix null-ptr-deref during tty device\nunregistration\") fixed the racy minor allocation reported by syzbot, but\nintroduced an unconditional NULL-pointer dereference on every disconnect\ninstead.\n\nSpecifically, the serial device table must no longer be accessed after\nthe minor has been released by hso_serial_tty_unregister()."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: hso: corrige NULL-deref durante la regresi\u00f3n de desconexi\u00f3n. El Commit 8a12f8836145 (\"net: hso: corrige null-ptr-deref durante la cancelaci\u00f3n del registro del dispositivo tty\") corrigi\u00f3 la asignaci\u00f3n menor picante reportada por syzbot, pero en su lugar introdujo una desreferencia de puntero NULL incondicional en cada desconexi\u00f3n. Espec\u00edficamente, ya no se debe acceder a la tabla de dispositivos serie despu\u00e9s de que hso_serial_tty_unregister() haya liberado al menor."
    }
  ],
  "id": "CVE-2021-46905",
  "lastModified": "2024-11-21T06:34:54.113",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-02-26T16:27:45.367",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/0c71d4c89559f72cec2592d078681a843bce570e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/0f000005da31f6947f843ce6b3e3a960540c6e00"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/24b699bea7553fc0b98dad9d864befb6005ac7f1"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/2ad5692db72874f02b9ad551d26345437ea4f7f3"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/41c44e1f3112d7265dae522c026399b2a42d19ef"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/5871761c5f0f20d6e98bf3b6bd7486d857589554"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/5c17cfe155d21954b4c7e2a78fa771cebcd86725"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/90642ee9eb581a13569b1c0bd57e85d962215273"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/d7fad2ce15bdbbd0fec3ebe999fd7cab2267f53e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/0c71d4c89559f72cec2592d078681a843bce570e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/0f000005da31f6947f843ce6b3e3a960540c6e00"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/24b699bea7553fc0b98dad9d864befb6005ac7f1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/2ad5692db72874f02b9ad551d26345437ea4f7f3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/41c44e1f3112d7265dae522c026399b2a42d19ef"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/5871761c5f0f20d6e98bf3b6bd7486d857589554"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/5c17cfe155d21954b4c7e2a78fa771cebcd86725"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/90642ee9eb581a13569b1c0bd57e85d962215273"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/d7fad2ce15bdbbd0fec3ebe999fd7cab2267f53e"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.